A cross-platform malicious code detection method and system

A cross-platform malicious code detection technology, applied in the field of software security protection

Active Publication Date: 2022-06-21
SHANDONG COMP SCI CENTNAT SUPERCOMP CENT IN JINAN +1
AI Technical Summary

Problems solved by technology

No related technologies have been found that use malicious code samples from some platforms to build detection models for malicious code on other platforms, or that use malicious code samples from multiple platforms to build a cross-platform malicious code detection model.

Examples

Embodiment 1

[0059] A cross-platform malicious code detection method, comprising the following steps:

[0060] (1) Use large-scale benign program samples on multiple platforms to train a pre-training model (Pre-train Model) to capture the structure and semantic correlation in the context of program instructions and the structure and semantic commonality between program instructions on different platforms;

[0061] (2) On top of the pre-training model, a cross-platform malicious code detection model is constructed using limited-scale benign program samples and malicious program samples from multiple platforms, the parameters of the cross-platform malicious code detection model are fine-tuned, and the knowledge in the pre-trained model is transferred to the cross-platform malicious code detection model;

[0062] (3) Use the constructed cross-platform malicious code detection model to detect unknown program samples on different platforms (including platforms not involved in pre-trainin...
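Step (3) covers detection on platforms the model did not see during training, which is checked in practice with a leave-one-platform-out evaluation. The following is an added example, not code from the patent: the token-frequency detector is only a stand-in for the Transformer-based model, and the sample corpus and all function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed toy corpus: (platform, label, instruction tokens); label 1 = malicious.
SAMPLES = [
    ("windows", 0, ["mov", "add", "call", "ret"]),
    ("windows", 1, ["xor", "loop", "xor", "jmp"]),
    ("linux",   0, ["mov", "call", "add", "ret"]),
    ("linux",   1, ["xor", "jmp", "loop", "syscall"]),
    ("android", 0, ["invoke", "mov", "add", "ret"]),
    ("android", 1, ["xor", "loop", "invoke", "jmp"]),
]

def leave_one_platform_out(samples):
    """Yield (held_out, train, test); the held-out platform never reaches training."""
    for held_out in sorted({s[0] for s in samples}):
        train = [s for s in samples if s[0] != held_out]
        test = [s for s in samples if s[0] == held_out]
        yield held_out, train, test

def fit(train):
    """Stand-in detector (NOT the patent's Transformer): smoothed per-token log-odds."""
    mal, ben = Counter(), Counter()
    for _, label, tokens in train:
        (mal if label else ben).update(tokens)
    vocab = set(mal) | set(ben)
    m_total = sum(mal.values()) + len(vocab)
    b_total = sum(ben.values()) + len(vocab)
    return {t: math.log((mal[t] + 1) / m_total) - math.log((ben[t] + 1) / b_total)
            for t in vocab}

def predict(weights, tokens):
    # Tokens unseen in training (e.g. platform-specific opcodes) contribute nothing.
    return int(sum(weights.get(t, 0.0) for t in tokens) > 0)

def evaluate(samples):
    """Per held-out platform: detection rate (TPR) and false-positive rate (FPR)."""
    report = {}
    for held_out, train, test in leave_one_platform_out(samples):
        weights = fit(train)
        tp = fp = pos = neg = 0
        for _, label, tokens in test:
            guess = predict(weights, tokens)
            pos, neg = pos + label, neg + 1 - label
            tp += guess * label          # malicious sample flagged
            fp += guess * (1 - label)    # benign sample flagged
        report[held_out] = {"tpr": tp / pos if pos else None,
                            "fpr": fp / neg if neg else None}
    return report
```

Reporting TPR and FPR separately for each held-out platform keeps a strong result on one platform from hiding a weak one on another.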

Embodiment 2

[0065] A cross-platform malicious code detection method according to Embodiment 1, as shown in Figure 2, the difference being:

[0066] The specific implementation process of step (1) is as follows:

[0067] 1.1: Collect large-scale benign program samples on Windows, Android, Linux, and localized platforms, and construct a multi-platform benign program dataset $D$, where each sample in $D$ is represented as $U_i = [C_i, W_i]$. Here $C_i = \{C_1, C_2, \ldots, C_n\}$ represents the program instructions of the $i$-th sample, and the subscript $n$ is the total number of program instructions (tokens); $W_i = \{W_1, W_2, \ldots, W_m\}$ represents the annotation of the $i$-th sample, and the subscript $m$ is the total number of annotation words;

[0068] 1.2: As shown in Figure 3, the pre-training model M is constructed based on the multi-layer Transformer encoder, and the multi-platform benign program data set D is used to pre-train the pre-training mode...

Embodiment 3

[0083] A cross-platform malicious code detection method according to Embodiment 2, the difference being:

[0084] As shown in Figure 4, the specific implementation process of step (2) is as follows:

[0085] 2.1: Build a malicious code detection model M' on top of the pre-trained model M; the malicious code detection model M' consists of the pre-trained model M and a linear classifier K;

[0086] The architecture of the malicious code detection model M' connects a linear classifier K to the pre-trained model M. The architecture of the malicious code detection model M' is shown in Figure 6.

[0087] 2.2: In order to better learn the structure and semantic features of malicious codes on different platforms, build a dataset D' and train the malicious code detection model M'. The dataset D' includes malicious code samples and benign code samples from various platforms. In order to avoid the malicious code detection model M' being biased towards the category with mo...

Abstract

The present invention relates to a cross-platform malicious code detection method and system, including: (1) using benign program samples on multiple platforms to train a pre-training model to capture the structure and semantic correlation in the context of program instructions and the structure and semantic commonality between program instructions on different platforms; (2) based on the pre-training model, constructing a cross-platform malicious code detection model using limited-scale benign program samples and malicious program samples from multiple platforms, and fine-tuning the parameters of the cross-platform malicious code detection model so that the knowledge in the pre-training model is transferred to the cross-platform malicious code detection model; (3) using the constructed cross-platform malicious code detection model to detect unknown program samples on different platforms and judge them as malicious or benign. The invention uses program samples of multiple platforms for model training, fully utilizes the commonality of programs on different platforms in terms of structure and semantic context, and alleviates the problem of insufficient training samples of malicious codes on a single platform.

Description

Technical field

[0001] The invention relates to a cross-platform malicious code detection method and system, belonging to the technical field of software security protection.

Background technique

[0002] Malicious code refers to computer code that is intentionally prepared or set up to pose a threat or potential threat to a network or system. The most common malicious codes are computer viruses (referred to as viruses), Trojan horses (referred to as Trojans), computer worms (referred to as worms), backdoors, and logic bombs. Malicious codes have brought serious security threats to network users, enterprises, industrial facilities, networks and information equipment. Therefore, malicious code detection technology has always been the focus of attention in the field of information and network security.

[0003] The development of malicious code detection technology can be divided into signature-based, heuristic-based and machine learning-based detection tech...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06K9/62, G06N3/04, G06N3/08
CPC: G06F21/563, G06N3/08, G06N3/047, G06N3/045, G06F18/2415
Inventor: 韩晓晖, 徐正源, 刘广起, 吴晓明, 杨美红, 杨淑棉
Owner: SHANDONG COMP SCI CENTNAT SUPERCOMP CENT IN JINAN